Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
6f17d00994
commit
90cd393409
|
@ -494,16 +494,18 @@ If you configure GitLab to use object storage for CI logs and artifacts,
|
||||||
|
|
||||||
### Proxy Download
|
### Proxy Download
|
||||||
|
|
||||||
A number of the use cases for object storage allow client traffic to be redirected to the
|
Clients can download files in object storage by receiving a pre-signed, time-limited URL,
|
||||||
object storage back end, like when Git clients request large files via LFS or when
|
or by GitLab proxying the data from object storage to the client.
|
||||||
downloading CI artifacts and logs.
|
Downloading files from object storage directly
|
||||||
|
helps reduce the amount of egress traffic GitLab
|
||||||
|
needs to process.
|
||||||
|
|
||||||
When the files are stored on local block storage or NFS, GitLab has to act as a proxy.
|
When the files are stored on local block storage or NFS, GitLab has to act as a proxy.
|
||||||
This is not the default behavior with object storage.
|
This is not the default behavior with object storage.
|
||||||
|
|
||||||
The `proxy_download` setting controls this behavior: the default is generally `false`.
|
The `proxy_download` setting controls this behavior: the default is generally `false`.
|
||||||
Verify this in the documentation for each use case. Set it to `true` so that GitLab proxies
|
Verify this in the documentation for each use case. Set it to `true` if you want
|
||||||
the files.
|
GitLab to proxy the files.
|
||||||
|
|
||||||
When not proxying files, GitLab returns an
|
When not proxying files, GitLab returns an
|
||||||
[HTTP 302 redirect with a pre-signed, time-limited object storage URL](https://gitlab.com/gitlab-org/gitlab/-/issues/32117#note_218532298).
|
[HTTP 302 redirect with a pre-signed, time-limited object storage URL](https://gitlab.com/gitlab-org/gitlab/-/issues/32117#note_218532298).
|
||||||
|
@ -524,7 +526,9 @@ certificate, or may return common TLS errors such as:
|
||||||
x509: certificate signed by unknown authority
|
x509: certificate signed by unknown authority
|
||||||
```
|
```
|
||||||
|
|
||||||
- Clients will need network access to the object storage. Errors that might result
|
- Clients will need network access to the object storage.
|
||||||
|
Network firewalls could block access.
|
||||||
|
Errors that might result
|
||||||
if this access is not in place include:
|
if this access is not in place include:
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
|
@ -535,6 +539,10 @@ Getting a `403 Forbidden` response is specifically called out on the
|
||||||
[package repository documentation](packages/index.md#using-object-storage)
|
[package repository documentation](packages/index.md#using-object-storage)
|
||||||
as a side effect of how some build tools work.
|
as a side effect of how some build tools work.
|
||||||
|
|
||||||
|
Additionally for a short time period users could share pre-signed, time-limited object storage URLs
|
||||||
|
with others without authentication. Also bandwidth charges may be incurred
|
||||||
|
between the object storage provider and the client.
|
||||||
|
|
||||||
### ETag mismatch
|
### ETag mismatch
|
||||||
|
|
||||||
Using the default GitLab settings, some object storage back-ends such as
|
Using the default GitLab settings, some object storage back-ends such as
|
||||||
|
|
Loading…
Reference in New Issue